41055 matches found
CLSA-2026-1774373385 Update of lkrg-kmod
Split RPM specs according to Fedora kmod packaging guidelines, one spec for kmod, one for userspace - Import modsign macros if requested by the module build - Make lkrg into a meta package which pulls lkrg-kmod and the systemd unit definition - Add lkrgtest module for testing and demonstrating...
Siemens Heliox EV Chargers
SUMMARY Heliox EV Chargers listed below contain improper access control vulnerability that could allow an attacker to reach unauthorized services via the charging cable. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL...
Siemens SIDIS Prime
SUMMARY SIDIS Prime before V4.0.800 is affected by multiple vulnerabilities in the components OpenSSL, SQLite, and several Node.js packages as described below. Siemens has released a new version of SIDIS Prime and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a...
Siemens RUGGEDCOM APE1808 Devices
SUMMARY Fortinet has published information on vulnerabilities in FORTIOS. This advisory lists the related Siemens Industrial products. Siemens has released a new version for RUGGEDCOM APE1808 and recommends to update to the latest version. 2. GENERAL RECOMMENDATIONS As a general security...
CVE-2026-26157
A flaw was found in BusyBox. Incomplete path sanitization in its archive extraction utilities allows an attacker to craft malicious archives that when extracted, and under specific conditions, may write to files outside the intended directory. This can lead to arbitrary file overwrite, potentiall...
Siemens Simcenter Femap and Nastran
SUMMARY Siemens Simcenter Femap and Nastran is affected by multiple file parsing vulnerabilities that could be triggered when the application reads files in NDB and XDB formats. If a user is tricked to open a malicious file with any of the affected products, this could lead the application to...
Siemens SINEC NMS
SUMMARY Multiple Siemens products are affected by two local privilege escalation vulnerabilities which could allow an low privileged attacker to load malicious DLLs, potentially leading to arbitrary code execution with elevated privileges. Siemens has released new versions for the affected...
Siemens SINEC OS
SUMMARY SINEC OS before V3.3 contains third-party components with multiple vulnerabilities. Siemens has released new versions for the affected products and recommends to update to the latest versions. 2. GENERAL RECOMMENDATIONS As a general security measure, Siemens strongly recommends to...
EUVD-2026-4556
The Set Bulk Post Categories plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1. This is due to missing nonce validation on the bulk category update functionality. This makes it possible for unauthenticated attackers to modify post categorie...
EUVD-2026-4595
Use of a Broken or Risky Cryptographic Algorithm vulnerability in Salesforce Marketing Cloud Engagement CloudPages, Forward to a Friend, Profile Center, Subscription Center, Unsub Center, View As Webpage modules allows Web Services Protocol Manipulation. This issue affects Marketing Cloud...
EUVD-2026-4380
Missing Authorization vulnerability in sheepfish WebP Conversion webp-conversion allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WebP Conversion: from n/a through = 2.1...
EUVD-2026-4468
MCP Manager for Claude Desktop execute-command Command Injection Sandbox Escape Vulnerability. This vulnerability allows remote attackers to bypass the sandbox on affected installations of MCP Manager for Claude Desktop. User interaction is required to exploit this vulnerability in that the targe...
EUVD-2026-3811
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in QantumThemes Kentha Elementor Widgets kentha-elementor allows PHP Local File Inclusion.This issue affects Kentha Elementor Widgets: from n/a through 3.1...
EUVD-2026-3829
Missing Authorization vulnerability in Brecht WP Recipe Maker wp-recipe-maker allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Recipe Maker: from n/a through = 10.2.4...
EUVD-2026-3959
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in goalthemes Lindo lindo allows PHP Local File Inclusion.This issue affects Lindo: from n/a through = 1.2.5...
EUVD-2026-3970
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in extremeidea bidorbuy Store Integrator bidorbuystoreintegrator allows Reflected XSS.This issue affects bidorbuy Store Integrator: from n/a through = 2.12.0...
EUVD-2026-4004
Missing Authorization vulnerability in cleverplugins SEO Booster seo-booster allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SEO Booster: from n/a through = 6.1.8...
EUVD-2026-4146
A security vulnerability has been detected in Totolink NR1800X 9.1.0u.6279B20210910. This issue affects the function setTracerouteCfg of the file /cgi-bin/cstecgi.cgi of the component POST Request Handler. Such manipulation of the argument command leads to command injection. The attack can be...
EUVD-2026-3457
HTML Injection vulnerability in Isshue by Bdtask, consisting os an HTML injection due to a lack os proper validation of user input by sending a POST request to '/categoryproductsearch', affecting the 'productname' parameter...
EUVD-2026-3176
A vulnerability was determined in Yonyou KSOA 9.0. This impacts an unknown function of the file /worksheet/workinfo.jsp of the component HTTP GET Parameter Handler. This manipulation of the argument ID causes sql injection. The attack may be initiated remotely. The exploit has been publicly...